I just received a password reminder; shouldn't such a thing be verified before it's given? BTW, I could still log in with my usual password this morning, while the message was sent 11 hours ago. Also, the IP resolves to Munich, Germany, nowhere near my location. Has this been looked into already?
Someone (probably you, from IP address 84.154.85.157) requested that we send you a new Wikipedia login password. The password for user "MacGyverMagic" is now "**********". You should log in and change your password now.
Isn't this very simple? The verification is that the password is sent not to any email address but to your email address, the one you have registered at Wikipedia that goes together with your user account. Why don't you log out and try to log in as me, Habj - then you see exactly how this has happened.
It seems reasonable, IMO, that both passwords should be valid for a while. Otherwise, I could disturb you by trying over and over again to log in as you and asking for new passwords, thereby stopping you from logging in until you have had the possibility to check your e-mail.
/Habj
On 7/5/05, MacGyverMagic/Mgm macgyvermagic@gmail.com wrote:
I just received a password reminder; shouldn't such a thing be verified before it's given? BTW, I could still log in with my usual password this morning, while the message was sent 11 hours ago. Also, the IP resolves to Munich, Germany, nowhere near my location. Has this been looked into already?
Someone (probably you, from IP address 84.154.85.157) requested that we send you a new Wikipedia login password. The password for user "MacGyverMagic" is now "**********". You should log in and change your password now.
_______________________________________________ WikiEN-l mailing list WikiEN-l@Wikipedia.org http://mail.wikipedia.org/mailman/listinfo/wikien-l
On 05/07/05, Habj sweetadelaide@gmail.com wrote:
Isn't this very simple? The verification is that the password is sent not to any email address but to your email address, the one you have registered at Wikipedia that goes together with your user account.
This is absolutely correct, and reasonably standard practice; what better verification could there be? There are password reminder questions, but IMHO these either boil down to "you forgot your password, what's your password?" [be it the same one or a secondary "backup" password] or helpfully assist anyone trying to guess their way into your account.
It seems reasonable, IMO, that both passwords should be valid for a while.
In fact, IIRC, both passwords are valid indefinitely - there is no reason for an "I forgot my password" feature to disable normal use of the account. If the randomly generated password from the e-mail is used, you have the chance to set it to something you haven't forgotten; but if you haven't forgotten the original after all, don't bother.
MacGyverMagic/Mgm wrote:
Someone (probably you, from IP address 84.154.85.157) requested that we send you a new Wikipedia login password. The password for user "MacGyverMagic" is now "**********". You should log in and change your password now.
I have a question regarding this. I had to send myself a password reminder, then remembered my password, and now it seems that the main password stays active when sending a password reminder. So my questions are:
1. Does the alt. password that was sent to you stay active indefinitely as well?
2. If so isn't that a huge security risk?
On 05/07/05, Jtkiefer jtkiefer@wordzen.net wrote:
- does the alt. password that was sent to you stay active indefinitely as well?
If I remember the gist of the code right, then yes, it probably does. Glancing at the code, I think it gets deleted from the DB when you next change your password.
- If so isn't that a huge security risk?
Not really - it's no easier to guess than your "real" one (probably harder, unless you're paranoid enough to use properly pseudo-random strings rather than something vaguely word or number like), and only you ever knew it.
Since exactly one random password + one "real" password can be active at any time, it's equivalent to halving the odds of picking the right one randomly. Sounds scary, until you consider that half of several billion (?) possibilities is still several billion possibilities. I don't know what the odds actually are, but human predictability reduces the search space by far more than having 2 valid passwords ever could. [And as I say, the generated password is likely in that part of the search space that crackers would leave till last, as it's more likely the user will have chosen something at least vaguely predictable].
On 7/5/05, Rowan Collins rowan.collins@gmail.com wrote:
Not really - it's no easier to guess than your "real" one (probably harder, unless you're paranoid enough to use properly pseudo-random strings rather than something vaguely word or number like), and only you ever knew it.
I use a random password, taken from /dev/random. I highly recommend it; it's just as easy to remember and much safer.
Since exactly one random password + one "real" password can be active at any time, it's equivalent to halving the odds of picking the right one randomly.
Not quite. The random password has been sent out by email, so it is stored and archived who-knows-where.
On 05/07/05, David Benbennick dbenbenn@gmail.com wrote:
Since exactly one random password + one "real" password can be active at any time, it's equivalent to halving the odds of picking the right one randomly.
Not quite. The random password has been sent out by email, so it is stored and archived who-knows-where.
So don't register an e-mail address with your account, and then no generated password will ever be sent out that way. This danger isn't really reliant on the password being valid for a long time, only on it being sent to or through an insecure e-mail server. If you're worried someone may be trying to exploit the e-mailed password to get into your account, change your real password, and it will immediately cease being valid.
Besides, if this was a banking site, I'd take these issues a bit more seriously; if someone just wants to impersonate or disadvantage you on Wikipedia, I'm sure they could find simpler ways anyway.
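To make Rowan's description of the mechanism concrete (a real password and one generated temp password both valid, the temp one discarded as soon as the real password is changed, and the temp one drawn from a large random space), here is a small model written for this thread. It is an added example, not MediaWiki's code; the storage layout, the salted PBKDF2 hashing, the 10-character alphanumeric temp password and the `Account` class are all assumptions.

```python
"""Model of the two-password reminder flow discussed above (added example,
not MediaWiki code). Assumed: salted hashes in storage, a CSPRNG for the
temp password, and the temp password cleared on any password change."""
import hashlib
import hmac
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # assumed: 62 symbols
TEMP_LEN = 10                                     # assumed temp length


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 stands in for whatever hash the real site uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    def __init__(self, password: str) -> None:
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _hash(password, self.salt)
        self.temp_hash = None  # only set after a reminder was requested

    def request_reminder(self) -> str:
        """Generate a random temp password; the real one stays valid."""
        temp = "".join(secrets.choice(ALPHABET) for _ in range(TEMP_LEN))
        self.temp_hash = _hash(temp, self.salt)
        return temp  # in the real flow this goes to the registered e-mail

    def check_password(self, candidate: str) -> bool:
        """Either the real or the outstanding temp password logs in."""
        cand = _hash(candidate, self.salt)
        if hmac.compare_digest(cand, self.pw_hash):
            return True
        return self.temp_hash is not None and hmac.compare_digest(
            cand, self.temp_hash)

    def change_password(self, new_password: str) -> None:
        """Changing the real password also discards any temp password,
        which is why a password change closes the e-mail exposure window."""
        self.pw_hash = _hash(new_password, self.salt)
        self.temp_hash = None


def temp_search_space_bits() -> float:
    """Entropy of the temp password; a second valid password costs ~1 bit."""
    return TEMP_LEN * math.log2(len(ALPHABET))
```

With these assumptions the temp password carries about 59.5 bits, so "halving the odds" by having two valid passwords is a far smaller loss than a user choosing a guessable real password.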
Yes -- this is the only real vulnerability: that the password being sent might be intercepted or snooped upon. Not in someone guessing it.
(Unless of course the password generator is not really very random. If it is based on something un-interesting and reasonably calculatable like the computer clock timer or the sending IP address then maybe one would have a problem.)
FF
On 7/5/05, Rowan Collins rowan.collins@gmail.com wrote:
So don't register an e-mail address with your account, and then no generated password will ever be sent out that way. This danger isn't really reliant on the password being valid for a long time, only on it being sent to or through an insecure e-mail server. If you're worried someone may be trying to exploit the e-mailed password to get into your account, change your real password, and it will immediately cease being valid.
Besides, if this was a banking site, I'd take these issues a bit more seriously; if someone just wants to impersonate or disadvantage you on Wikipedia, I'm sure they could find simpler ways anyway.
-- Rowan Collins BSc [IMSoP]
On 7/6/05, Rowan Collins rowan.collins@gmail.com wrote:
Besides, if this was a banking site, I'd take these issues a bit more seriously; if someone just wants to impersonate or disadvantage you on Wikipedia, I'm sure they could find simpler ways anyway.
BookCrossing uses a similar mechanism, but it's the original password that gets sent out to the registered email address. Problems come when this email address is one no longer in use, and then we have to ask questions based on information stored on the profile that isn't publicly available.
I think the only serious attempt at abuse we had was a disgruntled ex-husband who wanted to delete his ex-wife's account. He didn't know her password, he wasn't on the email address, and when we asked him her birthday, he didn't know it!
It is good practice to change your password immediately after getting a password reminder. As noted above, it deletes your temp password and you can then choose one that you can either remember easily or scrawl on a post-it and throw away a week later.
And again, what precisely is at risk here? WP is a project where just about everything is revertable (and frequently is). If my on-line banking was compromised but I could easily reverse any transactions, I wouldn't be too concerned.
And after all, WP allows anyone to edit anything. We seem to deal with malicious users quite well, at least until such people reach senior positions in the WP hierarchy.
Probably the only real damage (apart from annoyance and confusion) that could be done by a compromised password is the alteration of private details, and I would hope that these could be restored reasonably easily when the real editor complains.
On 7/5/05, Skyring skyring@gmail.com wrote:
And again, what precisely is at risk here? WP is a project where just about everything is revertable (and frequently is).
Images can't be undeleted. Sometimes deleted images can be found on mirrors, but I'm sure that isn't the case for recently-uploaded images. So if you compromise an administrator account, yes, you can potentially do permanent damage.